Skip to navigation content (Press Enter).

PCI - Incident Reporting

Payment Card Industry Data Security Standard (PCI-DSS) is an information security standard defined by the Payment Card Industry which outlines security requirements for organizations that handle payment card data.  Payment cards include credit cards, debit cards and pre-paid cards; payment card data includes:

  • credit cardholder name, account number and expiry date
  • credit card verification or CVV code
  • credit, debit or pre-paid card Personal Identification Number (PIN)
  • information that is stored on the magnetic stripe
  • the card itself

The purpose of the PCI-DSS is to protect individual card holders from identity theft.
For more information about PCI at McMaster University, please visit the Financial Affairs department web site:
http://www.mcmaster.ca/bms/BMS_FS_Payment_Card.htm

Examples of PCI Incidents...

Debit and credit card fraud is any attempt to obtain cardholder information with the intent of using that information to complete unauthorized transactions.

Card not present (CNP) are high risk transactions for which a merchant must trust that the transaction is authorized by the card holder without the card being present.  Merchants are advised to be cautious and vigilant about verifying the authority of the purchaser to use the information they provide when performing CNP transactions.

Skimming is the term used to describe the theft of credit card information described above.  This can be done manually by copying or stealing receipts, or automatically by modifying a point of sale (POS) device.  Merchants are advised to always attend closely to their POS devices, and to examine them for modifications daily.

Inappropriate or unauthorized access to PCI virtual terminals (C-VT), hosted pay page (HPP), or to systems hosting payment card data (D) may put cardholder data at risk.  IT Security has published guidelines to safeguard the configuration of C-VT, HPP and D systems.  System administrators are advised to monitor these systems closely for signs of unauthorized access.

Reporting a PCI Incident...

Upon detection of a PCI related information security incident, merchants and/or staff are instructed to:
DO NOT logoff or power off the affected system.
DO take note of pertinent information, including:

  • the time that the suspected incident occurred
  • the condition of the affected system
  • your merchant number

If the incident involves an active physical threat, including theft or tampering with a POS device, report this immediately to:

McMaster Security Services
905-525-9140 ext 24281, or 905-522-4135
Dial “88" from any University phone

  • Report the incident, including the information detailed above, directly to Moneris: 1(866) 319-7450 only after the physical threat has been contained.
  • Report the incident, including the information above, directly to the IT Security team: c-it-security@mcmaster.ca OR (905) 525-9140 x28299 only after it has been reported to Moneris.

If the incident involves a known act of fraud, or tampering with a POS device, C-VT virtual terminal or Hosted Pay Page server:

  • Report the incident, including the information detailed above, directly to Moneris: 1(866) 319-7450.
  • Report the incident, including the information above, directly to the IT Security team: c-it-security@mcmaster.ca OR (905) 525-9140 x28299 only after it has been reported to Moneris.

If the incident involves a suspected act of fraud, or tampering with a POS device, C-VT virtual terminal or Hosted Pay Page server, take the following action:

  • Report the incident, including the information above, directly to the IT Security team: c-it-security@mcmaster.ca OR (905) 525-9140 x28299

Service Bulletins

Citrix Receiver Client Update

UTS asks Citrix users to upgrade Citrix Receiver Client to the most current version by February 28, 2017. See UTS Citrix website for installation and removal information.


Mosaic Upgraded Interface

Service Desk

Client Self Service:
https://servicedesk.mcmaster.ca
Hours: Monday - Friday
8:30 am - 4:30 pm
Phone: 905-525-9140 x24357 (2HELP)
Email: uts@mcmaster.ca
Location: Main Campus BSB Rm. 245
Service Catalogue:
http://www.mcmaster.ca/uts
-->

Great Idea Site

Great Idea